LeRoy Cressy on Wed, 1 May 2002 15:10:14 +0200



Re: firewalling high-numbered ports (WAS: [PLUG] Problems with Apache and FTP)



Bill Jonas wrote:
> 
> On Mon, Apr 29, 2002 at 01:39:32PM -0400, Philip Ravenscroft wrote:
> > This lets in all non-SYN packets that originate on port 80 (e.g.
> > return requests when I browse a Web site).
> 
> Actually, http requests don't originate on port 80, they originate on
> some other port that's higher than 1024.  The server's responses
> originate on port 80, though.

Apr 30 18:04:24 friendly kernel: Forward WWW Request IN=eth0 OUT=
MAC=00:40:05:3a:33:a5:00:10:e8:09:14:dc:08:00 SRC=195.82.196.158
DST=64.194.227.197 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=1438 DF
PROTO=TCP SPT=1146 DPT=80 WINDOW=8760 RES=0x00 SYN URGP=0

The source port can be anything as indicated by my logs, but the
destination port is 80 for Apache.  Apache then responds on dport 80
with the fulfilled request.


> 
> --
> Bill Jonas    *    bill@billjonas.com    *    http://www.billjonas.com/
> "They that can give up  essential  liberty to obtain a little temporary
> safety deserve neither liberty nor safety."        -- Benjamin Franklin

-- 
Rev. LeRoy D. Cressy   mailto:leroy@lrcressy.com   /\_/\
                       http://lrcressy.com        ( o.o )
                       Phone:  215-535-4037        > ^ <

Jesus saith unto him, I am the way, the truth, and the life: 
no man cometh unto the Father, but by me. (John 14:6)

______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
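To make the port discussion above concrete, here is an added example (not part of the message or the list archive) that parses netfilter kernel-log lines of the kind quoted above and labels each packet relative to a web server on port 80. It shows why the source port of a request is ephemeral while the server's replies carry source port 80, and what the "non-SYN packets from port 80" rule mentioned in the thread does and does not admit. The first sample line is the one from the message; the remaining lines are constructed for illustration and use RFC 5737 documentation addresses. The "new connection" test mirrors the semantics of iptables' `--syn` match (SYN set, ACK/RST/FIN clear); the field names are those netfilter itself logs.

```python
import re

# Sample input. SAMPLE_LOGS[0] is the line quoted in the message; the others
# are constructed here to show the remaining cases.
SAMPLE_LOGS = [
    "Apr 30 18:04:24 friendly kernel: Forward WWW Request IN=eth0 OUT= "
    "MAC=00:40:05:3a:33:a5:00:10:e8:09:14:dc:08:00 SRC=195.82.196.158 "
    "DST=64.194.227.197 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=1438 DF "
    "PROTO=TCP SPT=1146 DPT=80 WINDOW=8760 RES=0x00 SYN URGP=0",
    # constructed: the server's SYN-ACK, i.e. the reply half of a connection
    "Apr 30 18:04:24 friendly kernel: WWW Reply IN= OUT=eth0 "
    "SRC=203.0.113.5 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=0 DF PROTO=TCP SPT=80 DPT=1146 WINDOW=5840 RES=0x00 ACK SYN URGP=0",
    # constructed: a brand-new connection attempt that happens to use
    # source port 80 (this is what a plain "allow sport 80" rule would let in)
    "Apr 30 18:05:01 friendly kernel: IN=eth0 OUT= "
    "SRC=198.51.100.9 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=50 "
    "ID=77 DF PROTO=TCP SPT=80 DPT=22 WINDOW=8760 RES=0x00 SYN URGP=0",
    # constructed: a UDP datagram, outside the scope of a TCP rule
    "Apr 30 18:05:02 friendly kernel: IN=eth0 OUT= "
    "SRC=198.51.100.9 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=50 "
    "ID=78 PROTO=UDP SPT=53 DPT=1025",
]

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")
INT_FIELDS = ("LEN", "TTL", "ID", "SPT", "DPT", "WINDOW", "URGP")


def parse_netfilter_line(line):
    """Split a netfilter kernel-log line into its KEY=VALUE fields.

    TCP flags are logged as bare tokens (SYN, ACK, ...) with no '=', so they
    are gathered separately into a 'flags' set. Numeric fields become ints.
    """
    fields = dict(FIELD_RE.findall(line))
    for key in INT_FIELDS:
        if fields.get(key, "") != "":
            fields[key] = int(fields[key])
    tokens = set(line.split())
    fields["flags"] = {f for f in TCP_FLAGS if f in tokens}
    return fields


def is_new_connection(fields):
    """True for a pure SYN: SYN set, ACK/RST/FIN clear (iptables --syn)."""
    flags = fields["flags"]
    return "SYN" in flags and not (flags & {"ACK", "RST", "FIN"})


def classify(fields, service_port=80):
    """Label a parsed packet relative to a web server listening on service_port."""
    if fields.get("PROTO") != "TCP":
        return "not-tcp"
    new = is_new_connection(fields)
    if fields["DPT"] == service_port:
        # Clients pick an ephemeral source port; the server is addressed on 80.
        return "client-request-new" if new else "client-request-established"
    if fields["SPT"] == service_port:
        # Replies come back *from* port 80; a pure SYN from 80 is not a reply.
        return "new-connection-from-port-80" if new else "server-response"
    return "unrelated"


def passes_non_syn_from_80_rule(fields, service_port=80):
    """The rule discussed in the thread: admit TCP with source port 80 only
    when it is not a connection-opening SYN, so only reply traffic gets in."""
    return (fields.get("PROTO") == "TCP"
            and fields["SPT"] == service_port
            and not is_new_connection(fields))


def summarize(lines):
    """(classification, admitted-by-rule) for each log line."""
    return [(classify(f), passes_non_syn_from_80_rule(f))
            for f in map(parse_netfilter_line, lines)]


if __name__ == "__main__":
    for line, result in zip(SAMPLE_LOGS, summarize(SAMPLE_LOGS)):
        print(result, "<-", line[:60])
```

Note that the server's SYN-ACK (second sample) is admitted by the rule, because `--syn` only matches when ACK is clear; the third sample, a fresh SYN carrying source port 80, is the case the non-SYN qualifier exists to keep out. A stateful `ESTABLISHED,RELATED` match does the same job without relying on flag inspection.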